Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Cisco Unified Communications Domain Manager Update SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cisco Unified Communications Domain Manager Update

Yet another round of patches, this time for Cisco's Unified Communications Domain Manager [1].

The vulnerability that is probably going to be exploited first is the backdoor Cisco left behind for support access. In order to provide Cisco support with access to customer equipment, the company felt it was a great idea to equip all instances with the same SSH key. 

Having the same key on all systems is mistake number one, but wouldn't be fatal if the secret key would have been tugged away in Cisco's special safedeposit box. Instead, they left the secret key on customer systems as well. So in other words: If you own one of the systems, you got the key to access all of them.

Filtering SSH access to the device at your border is a good first step to protect yourself if you can't patch right away.


Johannes B. Ullrich, Ph.D.

I will be teaching next: Defending Web Applications Security Essentials - SANS Cloud Defender 2022


4309 Posts
ISC Handler
Jul 2nd 2014

Sign Up for Free or Log In to start participating in the conversation!